If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Even a good 'nix admin might not be all that familiar with security on a Windows server if required by an employer to set one up.

Yes: a desktop or server based on the same operating system, obviously. My apologies.

If the OS is lacking in security features though, someone who knows the problems and is willing to investigate third party solutions will be able to set up a secure server with it.

To an extent. This is certainly possible with open-source operating systems where everything is customisable past the limits of sanity, and if there's an insecurity with the kernel it's simple enough to just install another. However, with Windows this isn't so: a problem in the kernel can only be fixed by upgrading to another operating system or another version of Windows, which would cost money.

Conversely, if a server software is selected only for its familiar appearance, the result isn't likely to be very secure.

Yes; this very approach is flawed, since flaunting the GUI as a benefit to a server operating system encourages admins to access the server locally, probably logged in as an administrator, which is a fairly nasty breach of security protocols, which encourage headless usage with a non-privileged account wherever possible. See the article to which I linked above for further details.